Merge pull request #360 from AzureAD/prompt-create

rayluo · web-flow · commit cb5f36fc486b · 2021-05-13T18:45:00.000-07:00
A demo on how to use prompt=create
diff --git a/msal/__init__.py b/msal/__init__.py
@@ -31,5 +31,6 @@
     ConfidentialClientApplication,
     PublicClientApplication,
     )
+from .oauth2cli.oidc import Prompt
 from .token_cache import TokenCache, SerializableTokenCache
 
diff --git a/msal/oauth2cli/oidc.py b/msal/oauth2cli/oidc.py
@@ -83,6 +83,19 @@ def _nonce_hash(nonce):
     return hashlib.sha256(nonce.encode("ascii")).hexdigest()
 
 
+class Prompt(object):
+    """This class defines the constant strings for prompt parameter.
+
+    The values are based on
+    https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+    """
+    NONE = "none"
+    LOGIN = "login"
+    CONSENT = "consent"
+    SELECT_ACCOUNT = "select_account"
+    CREATE = "create"  # Defined in https://openid.net/specs/openid-connect-prompt-create-1_0.html#PromptParameter
+
+
 class Client(oauth2.Client):
     """OpenID Connect is a layer on top of the OAuth2.
 
@@ -217,6 +230,8 @@ def obtain_token_by_browser(
             `OIDC <https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>`_.
         :param string prompt: Defined in
             `OIDC <https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>`_.
+            You can find the valid string values defined in :class:`oidc.Prompt`.
+
         :param int max_age: Defined in
             `OIDC <https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>`_.
         :param string ui_locales: Defined in
@@ -232,7 +247,7 @@ def obtain_token_by_browser(
         for descriptions on other parameters and return value.
         """
         filtered_params = {k:v for k, v in dict(
-            prompt=prompt,
+            prompt=" ".join(prompt) if isinstance(prompt, (list, tuple)) else prompt,
             display=display,
             max_age=max_age,
             ui_locales=ui_locales,
diff --git a/sample/interactive_sample.py b/sample/interactive_sample.py
@@ -62,7 +62,9 @@
             # after already extracting the username from an earlier sign-in
             # by using the preferred_username claim from returned id_token_claims.
 
-        #prompt="select_account",  # Optional. It forces to show account selector page
+        #prompt=msal.Prompt.SELECT_ACCOUNT,  # Or simply "select_account". Optional. It forces to show account selector page
+        #prompt=msal.Prompt.CREATE,  # Or simply "create". Optional. It brings user to a self-service sign-up flow.
+            # Prerequisite: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-user-flow
         )
 
 if "access_token" in result:

Original file line number	Diff line number	Diff line change
`@@ -31,5 +31,6 @@`
`31`	`31`	`ConfidentialClientApplication,`
`32`	`32`	`PublicClientApplication,`
`33`	`33`	`)`
	`34`	`+from .oauth2cli.oidc import Prompt`
`34`	`35`	`from .token_cache import TokenCache, SerializableTokenCache`
`35`	`36`
Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,9 @@`
`62`	`62`	`# after already extracting the username from an earlier sign-in`
`63`	`63`	`# by using the preferred_username claim from returned id_token_claims.`
`64`	`64`
`65`		`- #prompt="select_account", # Optional. It forces to show account selector page`
	`65`	`+ #prompt=msal.Prompt.SELECT_ACCOUNT, # Or simply "select_account". Optional. It forces to show account selector page`
	`66`	`+ #prompt=msal.Prompt.CREATE, # Or simply "create". Optional. It brings user to a self-service sign-up flow.`
	`67`	`+ # Prerequisite: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-user-flow`
`66`	`68`	`)`
`67`	`69`
`68`	`70`	`if "access_token" in result:`